Security

How Semaphor MCP enforces data security and access control.

All MCP queries pass through the same security enforcement as Semaphor dashboard queries. Your existing security policies are applied automatically — no additional configuration needed.

Organization Isolation

All data accessed through MCP is scoped to your organization:

  • Users can only access projects, dashboards, and domains within their organization
  • Organization ID is extracted from the authentication token
  • Cross-organization access is not possible

Security Policies

Semaphor enforces three layers of security on queries:

CLS (Connection-Level Security)

Controls which database connections a user can access. Applied to both query modes.

SLS (Schema-Level Security)

Controls which schemas, tables, and columns are visible to a user. Applied to both query modes.

RLS (Row-Level Security)

Filters rows based on user context by injecting SQL WHERE clauses automatically. Applied to both query modes.

Policy Enforcement by Query Mode

| Policy | Standard Mode | Dev Mode |
|---|---|---|
| CLS (Connection-Level) | Yes | Yes |
| SLS (Schema-Level) | Yes | Yes |
| RLS (Row-Level) | Yes | Yes |

Both standard and dev mode enforce all three security layers.

Semantic Domain Access Control

When generating a project token, use the semanticDomainAccess parameter to control which semantic domains are visible to the AI agent:

Limiting domain visibility
{
  "type": "project",
  "projectId": "p_1234567890abcdef",
  "projectSecret": "ps_abcdef1234567890",
  "orgUserId": "user_123",
  "semanticDomainAccess": {
    "mode": "include",
    "domains": ["sales_data", "marketing"]
  }
}

Available modes:

| Mode | Behavior |
|---|---|
| all | Allow access to all semantic domains (default) |
| none | Block access to all semantic domains |
| include | Allow only the listed domains |
| exclude | Allow all domains except the listed ones |
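
The sketch below is an added example, not Semaphor's code: it models the four documented modes locally to show how an include list and an exclude list that look equivalent today diverge when a domain is added, and it reviews a token request body before use. The function names, the domain catalogue, and the domain names other than sales_data and marketing are assumptions made for illustration.

```javascript
// Local model of the documented mode table; not Semaphor's implementation.
const MODES = ["all", "none", "include", "exclude"];

// Domains an agent would see under `access`, given every domain in the project.
function visibleDomains(access, allDomains) {
  const { mode = "all", domains = [] } = access ?? {}; // "all" is the documented default
  if (!MODES.includes(mode)) throw new Error(`unknown mode: ${mode}`);
  const listed = new Set(domains);
  if (mode === "all") return [...allDomains];
  if (mode === "none") return [];
  // include keeps listed domains, exclude keeps unlisted ones
  return allDomains.filter((d) => listed.has(d) === (mode === "include"));
}

// Review a token request body before it is sent; returns readable findings.
function reviewTokenRequest(body, allDomains) {
  const findings = [];
  const { mode = "all", domains = [] } = body.semanticDomainAccess ?? {};
  if (!MODES.includes(mode)) return [`unknown mode: ${mode}`];
  if (mode === "all") findings.push("mode 'all' (or omitted): every domain is visible");
  if (mode === "exclude") findings.push("mode 'exclude': domains created later become visible");
  if ((mode === "include" || mode === "exclude") && domains.length === 0)
    findings.push(`mode '${mode}' with an empty domains list`);
  for (const d of domains)
    if (!allDomains.includes(d)) findings.push(`listed domain not in project: ${d}`);
  return findings;
}

// Constructed sample data; "finance" and "hr" are hypothetical domain names.
const catalogue = ["sales_data", "marketing", "finance"];
const allowlist = { mode: "include", domains: ["sales_data", "marketing"] };
const denylist = { mode: "exclude", domains: ["finance"] };

// Both policies expose the same two domains today.
console.log(visibleDomains(allowlist, catalogue));
console.log(visibleDomains(denylist, catalogue));

// After a new domain is added, only the exclude policy exposes it.
const grown = [...catalogue, "hr"];
console.log(visibleDomains(allowlist, grown));
console.log(visibleDomains(denylist, grown));
console.log(reviewTokenRequest({ type: "project", semanticDomainAccess: denylist }, grown));
```
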

Session Security (Interactive)

For interactive OAuth sessions:

  • Authentication is tied to the user's Kinde OAuth identity
  • The current HTTP transport is stateless — no server-side session state is stored
  • Project access is validated on every tool call against the user's actual permissions
  • Users pass projectId explicitly, and each call verifies they have access to that project

Best Practices

  • Use project tokens with minimal access — Generate tokens scoped to only the data the AI agent needs
  • Configure semanticDomainAccess — Limit domain visibility to reduce the attack surface
  • Prefer standard-mode queries — Standard mode enforces all three security layers (CLS, SLS, RLS)
  • Rotate tokens periodically — Generate fresh tokens rather than using long-lived ones
  • Store tokens securely — Use environment variables or secret managers, never commit tokens to source code
  • Use HTTPS — All MCP communication should be encrypted (required in production)
